Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. This month's bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself. READ MORE...
Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, and orthopedics. READ MORE...
Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to reach an estimated 890,000 people via Meta's social media platforms. READ MORE...
Russian government-connected hackers targeted people working for Eastern European human rights-focused groups, media outlets and a former U.S. ambassador to Ukraine with crafty email spear-phishing lures that appeared to come from acquaintances or family, according to research released Wednesday. The campaign uncovered by the researchers illustrates the persistence of Kremlin-linked hacking campaigns and the creative methods employed by malicious hackers to compromise their targets. READ MORE...
Industrial control system (ICS) security advisories were published on Tuesday by Siemens, Schneider Electric, Rockwell Automation, Aveva, and the US cybersecurity agency CISA. Siemens has published nine new advisories covering roughly 50 vulnerabilities. Nearly 30 flaws, including ones rated 'critical severity' and 'high severity' were found in the SINEC Network Management System (NMS) product. READ MORE...
Intel and AMD have each informed customers about dozens of vulnerabilities found and patched in their products. Intel has published 43 new advisories that cover a total of roughly 70 security holes. Nine advisories describe high-severity vulnerabilities. The high-severity flaws impact products such as Intel Core Ultra and other processors, SMI Transfer monitor (STM), Agilex FPGA firmware, and more. READ MORE...
Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing-and how the capability to deceive others remotely is getting dramatically easier over time. READ MORE...
Despite a law enforcement takedown six months ago, LockBit 3.0 remains the most prolific encryption and extortion gang, at least so far, this year, according to Palo Alto Networks' Unit 42. Of the 53 ransomware groups whose underworld websites, where the crooks name their victims and leak stolen data, that the incident response team monitored, just six accounted for more than half of the total infections observed. READ MORE...
In what may come as a surprise to nobody at all, there's been yet another complaint about using social media data to train Artificial Intelligence (AI). This time the complaint is against X (formerly Twitter) and Grok, the conversational AI chatbot developed by Elon Musk's company xAI. Grok is a large language model (LLM) chatbot able to generate text and engage in conversations with users. READ MORE...
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a "missing authentication check" bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and 440 and is exploitable under certain conditions. READ MORE...